Personal data processing
In accordance with the aforementioned Law, data processing shall be based on the principles of fairness, lawfulness, and transparency, protecting your privacy and your rights.
Data Protection Officer
Vicenzi S.p.A, pursuant to art. 37 of the GDPR, designated Lawyer Roberto Vasapolli Data Protection Officer (DPO), who can be contacted at the following e-mail address: firstname.lastname@example.org
Purposes of data processing and legal basis
Depending on the needs expressed from time to time by the user accessing the various sections of the Website (and with the exception of special rules and information notices for individual operations involving the provision of specific personal data, published from time to time on the Website), the purposes of personal data processing are indicated below, i.e. the personal data provided directly by users by filling in online forms or by using links to directly access the e-mail address relating to the service requested, or the personal data acquired automatically by browsing (please see the section “Categories of Personal Data subject to processing” below) (hereinafter, “Personal Data”):
Data processing means any operation or set of operations performed with or without the aid of electronic or automated means, concerning the collection, recording, organisation, storage, processing, modification, extraction, comparison, use, disclosure, dissemination, interconnection, blocking, deletion, destruction, and selection of data.
Personal Data shall mainly be processed in automated form but also on paper, with logic strictly related to the above purposes, using the databases and electronic platforms managed by the Data Controller or by third parties appointed as Data Processors (for the updated list, users can contact the Data Controller at the address indicated) and/or integrated computer systems and/or websites owned or used by Vicenzi S.p.A.. The Data Controller has adopted appropriate technical and organisational security measures to protect users against the risk of loss, abuse, or alteration of Data. In particular, it uses the protected data transmission protocols known as HTTPS. In addition, it stores user data on servers located in Europe. Servers are subject to an advanced, daily backup and disaster recovery system.
Duration of processing
Any data provided shall only be stored for the amount of time necessary to fulfil the purposes for which said personal data are processed, or for a longer period, for purposes permitted by law, and shall in any case be deleted without undue delay.
For purposes relating to information requests: in relation to the type of request, for the time necessary to fulfil the legal obligation of data retention and/or for any other legal requirements. For general requests, a maximum of 12 months. For newsletter subscriptions, a maximum of 24 months from the last interaction (for example, when you open the e-mail containing our newsletter).
Where data are processed
Personal Data are mainly processed at the headquarters of the Data Controller and/or in the places where the Data Processors are located. For further information, users can contact the Data Controller as described above.
The nature and methods of providing Personal Data
Provision of personal data is optional, however, failure to provide data will make it impossible to process your request and/or sign you up to the newsletter and/or allow you to use the services available on the Website requiring registration. Personal Data can be provided by filling in the appropriate fields in the various sections of the Website or by sending requests via e-mail where required.
Categories of Personal Data subject to processing
In addition to the Personal Data provided directly by users (such as name, surname, address, e-mail address, etc.), when connecting to the Website, the computer systems and software procedures used to operate the Website automatically and indirectly provide and/or acquire certain information that could constitute personal data, which must be transmitted in order to use internet communication protocols (including, but not limited to, so-called “cookies” (as better specified below), “IP” addresses, domain names of the computers used by those connecting to the Website, the “Url” addresses of the resources requested, the time of the request to the server, navigation on the Website.
Categories of persons who may become aware of users’ Personal Data
Employees or collaborators of the Data Controller may be made aware of Personal Data. These individuals, operating under the direct authority of the Data Controller, process data and are appointed as data processors or individuals authorised to process data in accordance with Articles 24-29 of European Reg. 2016/679. System administrators may also be made aware of Personal Data and these individuals shall receive adequate operating instructions in this regard from the Data Controller; the same shall be done – under the responsibility of the Data Processors appointed by the Data Controller – with regard to employees or collaborators of said Data Processors. The Data Processors, appointed by the Data Controller, may be third-party companies or other parties that carry out outsourcing activities on behalf of Vicenzi S.p.A. (for example, but not limited to, parties appointed to provide services regarding assistance, communication, promotion and sale of products and/or services, IT service providers, managers and/or developers of websites or applications contained therein, managers of electronic platforms, partners).
Scope of disclosure or dissemination of users’ Personal Data
Employees or collaborators of the Data Controller may be made aware of Personal Data; these individuals, operating under the direct authority of the Data Controller, process data and are authorised to do so; system administrators may also be made aware of Personal Data and shall receive adequate operating instructions from the Data Controller.
Data Processors appointed by the Data Controller may also be made aware of Personal Data, as may third-party companies or other parties that carry out outsourcing activities on behalf of Vicenzi S.p.A. (for example, but not limited to, parties appointed to provide services regarding assistance, communication, promotion and sale of products and/or services, organisation and management of competitions, IT service providers, managers and/or developers of websites or applications contained therein, managers of electronic platforms, transport companies, customer service management companies).
Transfer of users’ Personal Data outside the EU
The Data Controller may transfer your Personal Data outside the European Economic Area, in which case the transfer shall be carried out by the Data Controller subject to drawing up Standard Contractual Clauses with suppliers of servers and/or services in compliance with the templates provided by the European Commission.
The website contains virtually no information aimed directly at minors. Minors must not provide any information or personal data. Only adults are to take part in the competitions that may be present on the website.
Social Network Plugins
The collection and use of information by such third parties is governed by their respective privacy policies to which you are kindly requested to refer.
Users may exercise their rights under Articles 16-21 of European Reg. 2016/679 (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object). Finally, users may also lodge a complaint with the data protection authority [in Italy: Autorità Garante per la protezione dei dati personali], if necessary, or they may contact said authority to request information on how to exercise their rights under European Regulation 2016/679. More specifically:
Data subjects may lodge a complaint with the data protection authority [in Italy: ‘Autorità Garante per la protezione dei dati personali’]: www.garanteprivacy.it), if necessary, or they may simply contact said authority for information on how to exercise their rights under EU Reg. 2016/679.